cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Connect On premise back end system with Cloud Foundry

Go to solution
Mayanksaxena15
Explorer

on ‎06-17-2018 1:23 PM

0 Kudos

Hello Everyone,

Could someone please explain the steps to connect on-premise back end system with SAP Cloud Foundry sub account.

I have already checked this blog and not able to understand the concept with app router.

Do we have any other way?

https://blogs.sap.com/2017/07/13/part-2-how-to-use-the-sap-cloud-platform-connectivity-and-the-cloud...

Regards,

Mayank

Show replies
Show replies
gregorw
Active Contributor
‎06-18-2018 11:45 AM
0 Kudos

Please clarify if you want to connect from onPremise to the application deployed in the SCP Cloud Foundry Environment or the other way round. From onPrem you just need to establish a HTTPS connection.

Mayanksaxena15
Explorer
‎06-18-2018 2:03 PM
0 Kudos

Hello Gregor,

Thank you for your reply . It is other way round. I am using the ES5 Odata service from my Multi target app with UI5 Module.

Regards,

Mayank

Answer

Accepted Solutions (1)

Accepted Solutions (1)

Ivan-Mirisola
Product and Topic Expert
Product and Topic Expert
‎06-18-2018 5:46 PM

Hi Mayank,

Please check Open SAP Course Cloud-Native Development with SAP Cloud Platform - On Week 5 Unit 1 they discuss App Router and CF Security in detail.

On Neo, you don't need an App Router because the Destination Service already "acts" like a "proxy" for the incoming requests via an url. In CF, that is done by the App Router. However, satisfying the "Same Origin" is not the only role for the app router in CF. Among other things, you could implement your own logic in it. Something like the following is possible: Let's say you'd like your business users to access version 1.0 while developers are accessing version 2.0 (blue/green deployment). That logic has to be implemented in the App Router application.

Therefore, if you plan on securing your application, I highly recommend you to use the App Router.

The mentioned blog goes through the steps of connecting a CF application to a on-premise ABAP system (OData Service) via SAP Cloud Connector. If you are using a public system (a publicly available REST service), you don't need to setup the SAP Cloud Connector. Basically you could follow the blog instructions, and make your Proxy Type as "Internet" in the destination. All the rest should be the same as they are required more in terms of JTW token exchange between the several pieces (micro-services) to make up the authentication and authorization.

Regards,
Ivan

Show replies
Show replies
Mayanksaxena15
Explorer
‎06-19-2018 8:53 AM
0 Kudos

Hello Ivan,

Thank you for pointing to the open SAP course. Now the need of app router is clear. As I mentioned I created the MTA app and added UI5 module in that which is calling the Odata service. I am able to successfully navigate from app router to the login page of XSUAA. Now I would like to do the configuration in my UI5 module. As in the blog Java module is used, and I don't have plain HTML5 module. I am confused now , how to add the connectivity service instance and destination service instance in my UI5 module yaml file.

Below mentioned is my code for mta.yaml file: What is the format for adding the connectivity and destination service:

ID: SampleES5MTA
_schema-version: '2.1'
version: 0.0.1
modules:
 - name: SampleES5Data
   type: html5
   path: SampleES5Data
   parameters:
      disk-quota: 256M
      memory: 256M
   build-parameters:
      builder: grunt

Ivan-Mirisola
Product and Topic Expert
Product and Topic Expert
‎06-19-2018 3:42 PM
0 Kudos

It sounds like a different question. If so, please post on another thread.

Answers (1)

Answers (1)

WRoeckelein
Active Participant
‎09-04-2018 8:37 AM
0 Kudos

Hi Mayank and ivan.mirisola ,

I attended this course. However the course did not deal with the specifics of having only HTML5 module inside a MTA application with its included approuter (try with WebIDE Full-Stack creating a MTA and then create inside a HTML5 module) and NO microservice. Also for on premise access your proxy type should be onpremise IMHO...

Regards,

Wolfgang

Show replies
Show replies
Ivan-Mirisola
Product and Topic Expert
Product and Topic Expert
‎09-04-2018 8:08 PM
0 Kudos

Hi Wolfgang,

In the HTML5 you declare the authentication method like the following:

{
  "welcomeFile": "/<module_name>/index.html",
  "authenticationMethod": "route",
  "logout": {
    "logoutEndpoint": "/do/logout"
  },
  "routes": [
    {
      "source": "^/hmtl5/(.*)$",
      "target": "$1",
      "localDir": "webapp"
    }
  ]
}
<br>

'authenticationMethod = route' will force the html5 to open only when there is an authenticated session (JWT). If you need to restrict your application according to scopes, you have to declare them in the xs-app.json as well. By default, an html5 application inside an MTA project will have the above xs-app.json - which means it already comes with authentication enabled. However, it must be used in conjunction with the uaa service created versus the xs-security.json that defines the security scopes.

Please see this tutorial where in step 12 this well explained.

Best regards,
Ivan

Ask a Question